(a) You are a manager in one of the leading accounting firms in the country. You have been registered as a network user on the company's local area network (LAN), which enables you to send memos by electronic mail. You are, however, concerned about the security of the LAN.
(i) Explain four administrative controls that should be implemented to guarantee the network security.
(ii) Describe two methods or techniques used to secure the electronic mail messages being transmitted through the network.
(iii) Explain three policy issues that should be put in place to reduce the risk of viruses attacking your network.
(b) On coming back from a fact-finding mission about a company in need of automating its sales department, your supervisor hands over a report to you for analysis. Since you are on internship in the firm, you are only required to comment with your ideas for consideration before they can be approved for implementation.
(i) Explain what is meant by systems analysis.
(ii) Outline four main objectives of systems analysis.
(iii) State some of the personnel who work in the information systems and their tasks in the analysis phase.
a) (i) Administrative controls that need to be implemented:
1. USE OF COMPETENT PERSONNEL
This reduces the risk of data being lost or equipment being damaged due to incompetence.
2. ROTATION AND DIVISION OF LABOUR
Network control functions should be separated and duties rotated on a regular basis. Division of labour ensures that the network control is performed effectively. Rotation of duties reduces the risk of sabotage by staff members, since such an attempt would require that the staff member be in charge of the given duties for a considerable period of time.
3. AUDIT TRAIL REVIEW
Audit trails should be reviewed periodically by operations management to detect any unauthorized network operation activities.
4. DOCUMENTATION AND REVIEW OF STANDARDS
Network operation standards and protocols should be documented and made available to the operators and should be reviewed periodically to ensure compliance.
Network access should be closely monitored and reviewed by system engineers to detect unauthorized access.
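As an added illustration of controls 2 and 3 (not part of the original answer), the following Python sketch runs one review pass over an audit trail. The log format, duty roster, user names and 90-day rotation period are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample audit trail (the line format is an assumption).
AUDIT_TRAIL = """\
2024-01-08T09:12:00 user=akamau duty=router-config action=CONFIG_CHANGE
2024-02-19T10:40:00 user=bwanjiru duty=user-accounts action=ACCOUNT_CREATE
2024-03-02T23:55:00 user=cotieno duty=router-config action=CONFIG_CHANGE
2024-05-20T08:30:00 user=akamau duty=router-config action=CONFIG_CHANGE
2024-05-21T11:05:00 user=bwanjiru duty=router-config action=ACL_EDIT
"""

# Hypothetical duty roster: who is authorised for which network control duty.
ROSTER = {"router-config": {"akamau"}, "user-accounts": {"bwanjiru"}}
ROTATION_PERIOD = timedelta(days=90)  # assumed rotation policy


def parse(trail):
    """Yield (timestamp, user, duty, action) for each audit line."""
    for line in trail.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        yield (datetime.fromisoformat(stamp), fields["user"],
               fields["duty"], fields["action"])


def review(trail, roster=ROSTER, period=ROTATION_PERIOD):
    """Return (unauthorised, overdue) findings from one review pass."""
    unauthorised, first_seen, overdue = [], {}, set()
    for stamp, user, duty, action in parse(trail):
        if user not in roster.get(duty, set()):
            # Division of labour: the user acted outside an assigned duty.
            unauthorised.append((stamp.isoformat(), user, duty, action))
            continue
        start = first_seen.setdefault((user, duty), stamp)
        if stamp - start > period:
            # Rotation of duties: same person on the same duty for too long.
            overdue.add((user, duty))
    return unauthorised, sorted(overdue)


if __name__ == "__main__":
    bad, late = review(AUDIT_TRAIL)
    for finding in bad:
        print("UNAUTHORISED", *finding)
    for user, duty in late:
        print("ROTATION OVERDUE", user, duty)
```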
(ii) Techniques used to secure e-mail messages:
1. DATA ENCRYPTION
The e-mail messages could be encrypted (converted into a coded form) by a code before being sent. At the receiver's end, the messages are decrypted before being read. This technique would prevent eavesdropping.
2. DIGITAL SIGNATURES
This works together with the principle of data encryption to guarantee the authenticity of e-mail messages and thus avoid falsified sender identities. The sender adds a digital signature to the message being sent. A digital signature is issued by certificate authorities, which certify the credibility of an individual communicating over the Internet. Digital signatures thus provide assurance that the sender of a message is really who he claims to be.
(iii) Policy issues:
Antivirus software should be installed on all the computers on the network to detect and clean out viruses.
Floppy disk drives could be disabled to reduce the risk of viruses being brought to the computer through diskettes.
Have vendors run demonstrations on their machines and not the company's machines.
Allow no disk to be used until it has been scanned on a stand-alone machine that is used for no other purpose and is not connected to your network.
Update virus software scanning definitions frequently.
Write-protect all diskettes containing files with .EXE or .COM extensions.
Enforce a rule of not using shareware without first scanning it thoroughly for a virus.
Scan any new commercial software before it is installed since commercial software is occasionally supplied with a Trojan horse.
Create a special master boot record that makes the hard disk inaccessible when booting from a diskette or CD-ROM. This ensures that the diskette or optical media cannot contaminate the hard disk.
b) (i) System analysis
This is the in-depth study of the problem that the company intending to automate its sales department will try to solve with an information system. It consists of defining the problem, identifying its causes, specifying the solution and identifying the requirements that must be met by a system solution.
(ii) Main objectives of systems analysis:
1. To determine information needs of an organization and the users of that information.
2. Determination of the current activities of the system i.e. functions involved in conversion of inputs to outputs.
3. Determination of the intended system's outputs.
4. Determination of the resources required for the intended system.
5. Determination of capabilities required in the system to meet the information needs of the organization.
(iii) Personnel and their tasks:
1. SALES CLERKS
They would help in determining the current activities of the system by identifying the functions involved in the conversion of inputs to outputs.
2. SALES DEPARTMENT MANAGER
He/She would help in determining the intended system's outputs by specifying the kind of reports he/she would desire from the automated information system. He/She would also assist in determining the information needs of the company and the other users (especially managers) of the information.
3. SYSTEMS ANALYST
He/She oversees the running of the systems analysis. He/She liaises with the end users, i.e. the clerks and the sales department manager, to establish the current activities of the system, the information needs of the organization, the intended system's outputs, the resources required for the intended system and the capabilities required in the intended system in order to meet the information needs of the organization. The systems analyst also prepares and presents to management the feasibility study report, which details the current situation and the way forward.